Date: Mon, 17 Jan 2000 20:52:43 -0500
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Richard Martin <dmartin@origen.com>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: loss of setup option in ipfw
Message-ID: <20000117205243.A63571@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <3882608D.E77903EE@origen.com>; from dmartin@origen.com on Sun, Jan 16, 2000 at 06:21:33PM -0600
References: <3882608D.E77903EE@origen.com>

On Sun, Jan 16, 2000 at 06:21:33PM -0600, Richard Martin wrote:
> I am setting up a new server with ipfw packet filtering and I have a couple of
> questions about some quirks.
>
> First, I cannot now use the 'setup' option for TCP packets. Whether the line
> is in the script or entered at the command line, if it has 'setup' in the
> option position, the rule fails.

And the error message is...?

> I have added a few ports since I first set up the firewall - Tripwire, LSOF, a
> few others - and somewhere along the way, something seems to have affected
> ipfw, because it was working OK before. Now when the script runs, even at
> reboot, the firewall lines with 'setup' at the end fail. A TCP rule with setup
> entered at the command line fails, but removing 'setup' allows it to be added
> to the chain.

And command lines and the error messages are...?

> ************
>
> Second, I have noticed that reply packets coming out of our LAN (like ftp
> data) behind the firewall are addressed back to the internal LAN IPs. This is
> odd: other NAT/masquerading systems I have used have the replies come back to
> the external IP and a table is kept for replies to route the packets back to
> the right address.
>
> Do I have something misconfigured, or is this just the way NATD works in
> F'BSD?

The packets with addresses of your private address-space are leaking
out onto the net? That should not be happening. How is natd configured
and how is your network set up? What are your firewall rules?
--
Crist J. Clark                           cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message